You are currently viewing SemiWiki as a guest which gives you limited access to the site. To view blog comments and experience other SemiWiki features you must be a registered member. Registration is fast, simple, and absolutely free so please, join our community today!

Apple's letter says "While we repeatedly asked them to share specific details about the alleged malicious chips that they seemed certain existed, they were unwilling or unable to provide anything more than vague secondhand accounts." If Bloomberg can't produce some detail that makes the claim plausible to those of us who understand a bit about the technology -- what is this "grain of rice"? what is it connected to? how does it get the information out? (maybe it really is a grain of rice, I'm reminded of Dilbert's pointy-haired boss thinking an etch-a-sketch was a tablet computer) -- I for one won't be inclined to believe them.

It wouldn't be the first time a respectable journal published something that turned out to be untrue: see Hitler Diaries - Wikipedia for instance.

Apple's letter says "While we repeatedly asked them to share specific details about the alleged malicious chips that they seemed certain existed, they were unwilling or unable to provide anything more than vague secondhand accounts." If Bloomberg can't produce some detail that makes the claim plausible to those of us who understand a bit about the technology -- what is this "grain of rice"? what is it connected to? how does it get the information out? (maybe it really is a grain of rice, I'm reminded of Dilbert's pointy-haired boss thinking an etch-a-sketch was a tablet computer) -- I for one won't be inclined to believe them.

It wouldn't be the first time a respectable journal published something that turned out to be untrue: see Hitler Diaries - Wikipedia for instance.

On the other hand, it also wouldn't be the first time that respectable companies have denied something embarrassing that turned out to be true.

My suspicion is that Bloomberg really believe what they've printed, but they've been professionally scammed by someone who would dearly like to see a real trade war between China and the USA -- and there's one obvious candidate, and it's certainly not China. This would explain both Bloomberg's emphasis that they're right and Apple's that they're wrong.

But until more real evidence one way or the other comes to light, this is all speculation...

What we have here is a respectable news source -- one which doesn't usually toss out unverified stories -- saying one thing, and other sources completely denying that what they said has any foundation in fact.

Most, if not all, in the ICS community agree that their 2014 pipeline "cyberwar" story was a hoax. Some of the best and most authoritative reporting on the 2008 Turkey pipeline blast was done by the German quality daily Süddeutsche Zeitung:

@carop -- I said "usually", not "always" -- all publications get stories wrong sometimes, at least Bloomberg isn't Fox News or the Daily Mail.

@Daniel -- you may be right, but you're making authoritative statements ("...is fake news...") with no more proof than anyone else. Unless you've got secret access to Bloomberg's sources or Apple internal documents, this is still your opinion, not a verifiable fact.

So let's wait until more *facts* (on both sides) come out before making "fake news" statements like this; doing otherwise gives people the same credibility as Trump ;-)

Mercedes, volvo, bmw, samsung, google pixel, ..... can't keep any of their ip private. Apple's had issues but the clone products aren't competitive yet. Soon as someone successfully clones an iphone apple will be screaming too. Let's say it like it is there is a bigger player than apple involved.

We've reached a point where some brands sales are significantly down. Mercedes has already discontinued the v12 because they can't afford it anymore. I wouldn't be shocked in 5 years bmw or mercedes aren't sold to the chinese. Things are that bad.

So let's wait until more *facts* (on both sides) come out before making "fake news" statements like this; doing otherwise gives people the same credibility as Trump ;-)

Trump can boil in his own corrupt juices.

A hardware implant hidden between the board layers is definitely something though. I would love to see a pic if it exits. I suspect security shops hungry for publicity are busy pulling SuperMicro boards apart ;-)

I personally think it would be much easier to implant backdoors on motherboard components that execute firmware and are readily available on the market such as Ali Baba, Tao Bao or eBay:

Buy the BMC chip (it is ASPEED 2400) in bulk, implant backdoor and hand over to your assembly shop:

You're right the case isn't as clear as it should be. Bloomberg could of done a better job but corporate espionage and of stealing of ip is going on. Companies are making clones of products before the original is released to the public.

Quote: " Unless this 'grain' chip can run out of solar power or wind power (fans in the system), 'power on self test' should detect any excess power being consumed."

IF this story is true, then this chip is very small (includes few Kgates or so), and the power consumed is negligible for a server board (CPU itself consuming few 100's Watts). Second point, when you manufacture the M/B, you can add any "wire" (tracks) in the substrate to connect the chip to Vdd, Vss, and obviously to certain signals.

I consider the mention of TSMC in this story as malicious, or showing that the person who post it really know nothing about chip design and manufacturing... Semiwiki is not the right palace for such post, too many readers understand about semiconductor, and fabs!

I suggest you ignore the specifics of the article. But if your organization subcontracts for electronics from *anywhere* and that electronics routinely carries personal identifiable data of potentially economic or privacy value, you should be figuring out how to secure your supply line. Both hardware and firmware. This is not a game. Just look at what goes on with your internet, how often your home router is scanned and the verified stories of industrial or personal hacks there. Now, you seriously think those perps have not moved on to the devices? If you dream that, I have a bridge to sell you (with chips in it).

Yes, they need to either "show us the money" or stop publishing vague allegations that don't convince anyone with a bit of knowledge of the technology.

Yeah, like nobody believed that Cisco routers could possibly have "undetectable" hardware spying built in until the US spooks were caught intercepting shipments, opening the boxes up, installing this, then resealing them and sending them on their way...

So if the USA can (and has) done this, why can't China?

Not saying the Bloomberg hack did or didn't happen, just that saying "it can't/couldn't be done" is 100% wrong because it already has been...